
路由器中使用Redir-Host和TProxy代替Fake-ip和TUN


引入

路由器中的代理方式已全部换成TPROXY,TCP和UDP都走TPROXY,DNS使用Redir-Host

如果是客户端使用,仍然推荐使用fake-ip

具体配置

# General listeners and behaviour of the router-side instance.
port: 8080
socks-port: 1080
# allow-lan together with bind-address '*' opens the HTTP, SOCKS and mixed
# listeners on every interface. No `authentication` list is set in this file,
# so any host that can reach these ports can use the proxy; on a router the
# firewall has to drop WAN-side connections to them.
allow-lan: true
bind-address: '*'
mode: rule
log-level: info
ipv6: false
profile:
    # Remember the node picked in each select group across restarts.
    store-selected: true
    # Fake-ip persistence is off; this file runs DNS in redir-host mode.
    store-fake-ip: false
unified-delay: true
tcp-concurrent: true
# DNS in redir-host mode, split between a resolver on a private address
# (10.115.15.1) and DoH upstreams addressed by IP.
dns:
    enable: true
    ipv6: false
    # Listens on all interfaces; keep port 1053 unreachable from the WAN side
    # so the router does not answer as an open resolver.
    listen: '[::]:1053'
    enhanced-mode: redir-host
    use-hosts: true
    # The article describes rebind as dropping answers that point at private
    # addresses. With it off such answers are accepted, so protection against
    # DNS rebinding rests entirely on the upstream resolvers being trustworthy.
    # NOTE(review): confirm the core in use recognises this key.
    rebind: false
    # Plain DNS to a private address; used to resolve resolver hostnames.
    default-nameserver:
        - 10.115.15.1
    # Resolves the hostnames of proxy nodes.
    proxy-server-nameserver:
        - 10.115.15.1
    direct-nameserver:
        - 10.115.15.1
    # Default upstreams: DoH reached by IP, so no bootstrap lookup is needed.
    nameserver:
        - 'https://8.8.8.8/dns-query'
        - 'https://1.1.1.1/dns-query'
    # Per-category upstream selection; the categories mirror the routing rules.
    nameserver-policy:
        'geosite:category-games,category-game-platforms-download,category-game-accelerator-cn,geolocation-!cn@cn':
            - 10.115.15.1
        'geosite:geolocation-!cn,geolocation-cn@!cn,category-dev':
            - 'https://8.8.8.8/dns-query'
            - 'https://1.1.1.1/dns-query'
        'geosite:geolocation-cn,tld-cn':
            - 10.115.15.1
    # NOTE(review): presumably makes upstream DNS connections follow the
    # routing rules, which is why proxy-server-nameserver is set - confirm.
    respect-rules: true
    prefer-h3: false
    use-system-hosts: true

# Remote node lists. Every `url` is blanked for publication; a subscription
# URL normally carries an access token, so treat the real value as a secret
# and keep it out of any shared copy of this file.
proxy-providers:
    # Hong Kong nodes: the name must contain an HK marker and none of the
    # other region markers listed in the negative lookahead.
    AIR_PORT_HK:
        url: ''
        filter: '(?=.*(港|hk|🇭🇰|(?i)Hong))^((?!(台|日|韩|新|深|美|实验)).)*$'
        type: http
        # Refresh the list once a day (86400 s).
        interval: 86400
        health-check:
            enable: true
            url: https://www.google.com/
            interval: 300
        # The subscription itself is downloaded without going through a node.
        proxy: DIRECT
        header:
            User-Agent:
                - 'mihomo'

    # United States nodes, same filter shape with the US markers.
    AIR_PORT_US:
        url: ''
        filter: '(?=.*(美|us|🇺🇸|(?i)states|(?i)unitedstates))^((?!(台|日|韩|新|深|港|实验)).)*$'
        type: http
        interval: 86400
        health-check:
            enable: true
            url: https://www.google.com/
            interval: 300
        proxy: DIRECT
        header:
            User-Agent:
                - 'mihomo'

    # Unfiltered view of the same kind of subscription.
    AIR_PORT_ALL:
        url: ''
        type: http
        interval: 86400
        health-check:
            enable: true
            url: https://www.google.com/
            interval: 300
        proxy: DIRECT
        header:
            User-Agent:
                - 'mihomo'

    # Second provider, split into US / HK / ALL in the same way.
    VIOLET_NODE_LIST_US:
        url: ''
        filter: '(?=.*(美|us|🇺🇸|(?i)states|(?i)unitedstates))^((?!(台|日|韩|新|深|港|实验)).)*$'
        type: http
        interval: 86400
        health-check:
            enable: true
            url: https://www.google.com/
            interval: 300
        proxy: DIRECT
        header:
            User-Agent:
                - 'mihomo'                

    VIOLET_NODE_LIST_HK:
        url: ''
        filter: '(?=.*(港|hk|🇭🇰|(?i)Hong))^((?!(台|日|韩|新|深|美|实验)).)*$'
        type: http
        interval: 86400
        health-check:
            enable: true
            url: https://www.google.com/
            interval: 300
        proxy: DIRECT
        header:
            User-Agent:
                - 'mihomo'

    VIOLET_NODE_LIST_ALL:
        url: ''
        type: http
        interval: 86400
        health-check:
            enable: true
            url: https://www.google.com/
            interval: 300
        proxy: DIRECT
        header:
            User-Agent:
                - 'mihomo'

# Statically defined exit node used as the last hop of the relay groups.
proxies:

  # `server` and `password` are left empty here (they load as null); fill
  # them in locally and keep the real values out of any published copy.
  - name: hk_CNF_EXIT_SS
    server: 
    port: 12042
    # NOTE(review): presumably has no effect on a plain ss node - confirm.
    client-fingerprint: chrome
    type: ss
    cipher: 2022-blake3-aes-256-gcm
    # NOTE(review): this cipher family expects a base64-encoded key of the
    # cipher's key length rather than a free-form passphrase - confirm
    # against the server side.
    password: 
    tfo: false
    udp: true

# Policy groups, all written in block style. Group names, member order and
# filter expressions are the same as in the flow-style form.
proxy-groups:
    # Main selector that the PROXY rules point at.
    - name: PROXY
      type: select
      proxies:
          - HK_AUTO_CHAIN
          - HK_SELECT_CHAIN
          - HK_SELECT
          - SG_SELECT
          - US_SELECT
          - HK_FALLBACK
          - SG_FALLBACK
          - US_FALLBACK
          - ALL_SELECT
          - DIRECT

    # Target of the final MATCH rule.
    - name: MATCH
      type: select
      proxies:
          - PROXY
          - DIRECT

    # Two-hop chains: an HK provider node first, then hk_CNF_EXIT_SS.
    # NOTE(review): relay groups are marked deprecated in recent mihomo
    # releases in favour of dialer-proxy - confirm for the core version used.
    - name: HK_SELECT_CHAIN
      type: relay
      proxies:
          - HK_SELECT
          - hk_CNF_EXIT_SS

    - name: HK_AUTO_CHAIN
      type: relay
      proxies:
          - HK_FALLBACK
          - hk_CNF_EXIT_SS

    # Manual selectors per region.
    - name: HK_SELECT
      type: select
      use:
          - AIR_PORT_HK
          - VIOLET_NODE_LIST_HK
      filter: '(?=.*(港|🇭🇰|hk|(?i)Hong))^((?!(台|日|韩|新|深|美)).)*$'

    - name: SG_SELECT
      type: select
      include-all: true
      filter: '(?=.*(新|sg|(?i)Singapore))^((?!(港|台|日|韩|美|西)).)*$'

    - name: US_SELECT
      type: select
      use:
          - AIR_PORT_US
          - VIOLET_NODE_LIST_US
      filter: '(?=.*(美|🇺🇸|(?i)States|us|(?i)unitedstates))^((?!(台|日|韩|新|深|港)).)*$'

    # Automatic fallback groups per region.
    - name: HK_FALLBACK
      type: fallback
      use:
          - AIR_PORT_HK
      tolerance: 20
      interval: 300

    - name: SG_FALLBACK
      type: fallback
      include-all: true
      tolerance: 20
      interval: 300
      filter: '(?=.*(新|sg|(?i)Singapore))^((?!(港|台|日|韩|美|西)).)*$'

    - name: US_FALLBACK
      type: fallback
      use:
          - AIR_PORT_US
      tolerance: 20
      interval: 300

    # Every node from every source, for manual selection.
    - name: ALL_SELECT
      type: select
      include-all: true
      use:
          - AIR_PORT_ALL
          - VIOLET_NODE_LIST_ALL

# Routing rules, evaluated top-down; the first match decides.
rules:
    # Reject UDP to port 443 (QUIC); clients are expected to fall back to TCP.
    - AND,((NETWORK,UDP),(DST-PORT,443)),REJECT
    - DOMAIN-SUFFIX,mojang.com,PROXY
    # Order matters: hkt.violet.vin must stay above the broader violet.vin.
    - DOMAIN-SUFFIX,hkt.violet.vin,DIRECT
    - DOMAIN-SUFFIX,vio.vin,DIRECT
    - DOMAIN-SUFFIX,violet.vin,PROXY
    - DOMAIN-SUFFIX,tailscale.io,DIRECT
    - DOMAIN-SUFFIX,ts.net,DIRECT
    - DOMAIN-SUFFIX,hk1.pro.xns.one,DIRECT
    - DOMAIN-SUFFIX,hk.pro.xns.one,DIRECT
    - DOMAIN-SUFFIX,vxcdn.novaxns.one,DIRECT
    - DOMAIN-SUFFIX,fastly.xns.my.id,PROXY
    - DOMAIN-SUFFIX,global.novaxns.one,PROXY
    - DOMAIN-SUFFIX,lala.gg,DIRECT
    # Category rules; the same categories drive nameserver-policy in dns.
    - GEOSITE,category-games,DIRECT
    - GEOSITE,category-game-platforms-download,DIRECT
    - GEOSITE,category-game-accelerator-cn,DIRECT
    - GEOSITE,category-ai-!cn,US_SELECT
    - GEOSITE,geolocation-!cn@cn,DIRECT
    - GEOSITE,geolocation-!cn,PROXY
    - GEOSITE,geolocation-cn@!cn,PROXY
    - GEOSITE,geolocation-cn,DIRECT
    - GEOSITE,tld-cn,DIRECT
    - GEOSITE,category-dev,PROXY
    - GEOIP,CN,DIRECT
    - GEOIP,private,DIRECT
    # Everything else goes to the MATCH select group (PROXY or DIRECT).
    - MATCH,MATCH
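# Process matching is not needed on a router. The value is quoted so that a
# YAML 1.1 loader cannot read it as boolean false.
find-process-mode: 'off'
keep-alive-idle: 600
keep-alive-interval: 15
external-ui: ui
# The dashboard bundle is fetched from the head of a branch, so its contents
# can change between downloads; point this at a release or commit archive
# when a fixed, reviewable version is wanted.
external-ui-url: https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip
# The controller API can switch nodes and change the running configuration.
# It listens on every interface here, so limit port 9090 to the management
# network with the router firewall.
external-controller: '[::]:9090'
# Placeholder, not a usable value: set a long random secret locally (for
# example the output of `openssl rand -hex 32`) and never publish it. A short
# numeric secret can be guessed by anyone who can reach the controller port.
secret: 'REPLACE_WITH_LONG_RANDOM_SECRET'
mixed-port: 7890
redir-port: 7891
tproxy-port: 7892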
# TUN is kept disabled; traffic is intercepted through tproxy-port instead.
# The remaining keys only take effect if `enable` is switched on.
tun:
    enable: false
    auto-route: false
    auto-redirect: false
    auto-detect-interface: false
    device: nikki
    stack: system
    mtu: 9000
    gso: true
    gso-max-size: 65536
    endpoint-independent-nat: false
# Sniffing recovers a hostname from the first bytes of a connection so that
# domain rules can match traffic that arrives as a bare IP via TPROXY.
# The sniffed name comes from the client (HTTP Host / TLS SNI), so rules
# keyed on it are routing policy, not an access control.
sniffer:
    enable: true
    force-dns-mapping: true
    parse-pure-ip: true
    sniff:
        HTTP:
            port:
                - '80'
                - '8080'
            # Replace the connection's destination with the sniffed hostname.
            override-destination: true
        TLS:
            port:
                - '443'
                - '8443'
            override-destination: true
        # The first routing rule rejects UDP/443, so for QUIC only port 8443
        # traffic can reach a later rule.
        QUIC:
            port:
                - '443'
                - '8443'
            override-destination: true
# Geo databases decide which traffic goes DIRECT and which goes through a
# proxy. They are downloaded from third-party CDNs and a GitHub download
# mirror without any pinned version or checksum in this file, and refreshed
# automatically, so whoever controls those endpoints can change routing
# decisions. Prefer first-party release URLs or a locally verified copy where
# that matters.
geodata-mode: true
geodata-loader: standard
geox-url:
    geosite: https://testingcf.jsdelivr.net/gh/v2fly/domain-list-community@release/dlc.dat
    mmdb: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.metadb
    geoip: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat
    asn: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/GeoLite2-ASN.mmdb
geo-auto-update: true
# NOTE(review): unit is presumably hours - confirm against the core's docs.
geo-update-interval: 30

此处只对部分配置做出说明

DNS配置

  # Excerpt of keys that belong under `dns:`, shown for the explanation that
  # follows. Its resolver addresses and geosite list differ from the full
  # listing earlier on the page.
  rebind: false
  # Plain-DNS bootstrap resolver.
  default-nameserver:
    - 223.5.5.5
  # Default upstream, DoH by hostname (hence the bootstrap resolver above).
  nameserver:
    - https://cloudflare-dns.com/dns-query
  # Categories answered by the resolver at 10.115.15.1 instead.
  nameserver-policy:
    "geosite:cn,private,category-game-accelerator-cn,category-games,apple,apple-cn":
      - 10.115.15.1
  proxy-server-nameserver:
    - 10.115.15.1
  • rebind:开启时,如果DNS返回的IP为内网IP则丢弃。这里关闭的原因有两点:一是对自己使用的DNS提供商足够自信,不会有DNS污染;二是自己有一些服务部署在内网并配置了域名,需要解析到内网IP。关闭后不再过滤指向内网地址的应答,DNS重绑定的防护完全依赖上游DNS可信
  • default-nameserver:用于解析nameserver中DNS服务器的域名;nameserver也可以直接使用基于IP的HTTPS地址
  • nameserver:默认DNS,除了nameserver-policy中指定的,其余都使用这个DNS
  • nameserver-policy:DNS分流规则
    • geosite:cn,private,category-game-accelerator-cn,category-games,apple,apple-cn:直连DNS
  • proxy-server-nameserver:节点中的域名解析为IP使用的DNS

嗅探

启用并配置对应需要嗅探的端口

其他

  • find-process-mode:匹配进程,路由器中不需要
  • tun:不需要,使用TPROXY

最终效果

类型为TProxy
域名匹配规则生效
分流正常
